af399c02f7eb0462faccf4a19fabcb6a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

af399c02f7eb0462faccf4a19fabcb6a_JaffaCakes118
Size

184KB
MD5

af399c02f7eb0462faccf4a19fabcb6a
SHA1

fe608b3467039d61713fd04a92e759f2375be7c2
SHA256

a8d8a7b0752aa5bf57f2a0c1b661ec1d2bdaa7221e43360aca2ec3f1f7e8398c
SHA512

6085e9682de24735dd4ce3927d8cd2ef24983477c9ce7a8150cf045237edac7315c40bf47b7d73577cb256d858e439f292bf3f1f99475a9b5f27e3051fb13301
SSDEEP

3072:7vbc0OhD/WdoyJK528wpAfhuwe8pNyM5x3+O/oMYlp5vnp4J2d:78hCmyIs8KAfhxjfg5vyO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af399c02f7eb0462faccf4a19fabcb6a_JaffaCakes118

Files

af399c02f7eb0462faccf4a19fabcb6a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a126a781c894f730b2a68be384118535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
DeleteService
StartServiceW
OpenServiceW
CreateServiceW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
FreeSid
EqualSid
AllocateAndInitializeSid
GetKernelObjectSecurity

user32

MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
GetUserObjectInformationA
EndDialog
DefWindowProcA
DestroyWindow
GetThreadDesktop
CloseDesktop
GetKeyboardType
DialogBoxParamA
BeginPaint
GetClientRect
DrawTextA
EndPaint
CreateWindowExA
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
LoadStringA
RegisterWindowMessageA
LoadAcceleratorsA
SetTimer
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
KillTimer
SystemParametersInfoA
GetAsyncKeyState
GetForegroundWindow
GetWindowLongA
MapVirtualKeyA
keybd_event
GetClassNameA
PostMessageA
FindWindowA
GetKeyState
wsprintfA
MessageBoxA
ExitWindowsEx

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
IsBadCodePtr
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
CreateEventW
CreateFileMappingA
CreateFileMappingW
CreateMutexA
CreateMutexW
CreatePipe
CreateProcessA
CreateProcessW
DuplicateHandle
FormatMessageA
DeleteFileW
GetSystemDirectoryW
GetVersionExW
Sleep
GetLastError
CloseHandle
GetCurrentProcess
DeviceIoControl
GetVersionExA
CreateEventA
CreateFileA
GetTickCount
ResetEvent
WaitForSingleObject
SetThreadPriority
CreateThread
ExitProcess
VirtualFree
WriteFile
GetSystemDirectoryA
VirtualAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
HeapFree
HeapAlloc
GetProcessHeap
SetPriorityClass
OpenEventA
GetCurrentThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenW
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
WriteProcessMemory
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
UnmapViewOfFile
TerminateThread
TerminateProcess
SetLastError
SetEvent
ResumeThread
ReleaseMutex
ReadProcessMemory
ReadFile
OpenProcess
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenFileMappingA
OpenEventW
MapViewOfFile
LoadLibraryExA
LoadLibraryW
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange

oleaut32

SysReAllocStringLen
SysFreeString

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a126a781c894f730b2a68be384118535

Headers

File Characteristics

Imports

advapi32

user32

kernel32

oleaut32

Sections

.text Size: 36KB - Virtual size: 33KB

CODE Size: 88KB - Virtual size: 85KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 16KB - Virtual size: 16KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: 4KB - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: 36KB - Virtual size: 33KB

CODE
Size: 88KB - Virtual size: 85KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 16KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 22KB